Code Designed to Steal Users’ Wallet Information
The incident occurred approximately three months ago. The original author, due to limited time and interest, outsourced the development responsibilities to another programmer called Right9ctrl.
Flatmap-stream initially did not have any dangerous code. However, during stage two on October 5, the hacker updated flatmap-stream to include the malicious code. The malicious code is designed to steal users’ wallet information, such as their private keys, and send the data to a server located in Kuala Lumpur.
GitHub user Ayrton Sparling discovered the bad code last Tuesday and released a report on GitHub. However, officials with NPM, the open source project manager responsible for hosting event-stream, failed to issue a notice and an advisory until Monday the following week, six days from the date of discovery.
Malicious Code Targets BitPay’s Copay Wallet Users
NPM officials said that the malicious code was inserted to target people who use a Bitcoin wallet created by Copay. A Copay official said in a GitHub discussion that the code was not implemented and deployed on any platforms.
After the post, however, Copay officials updated their comment and mentioned that there were platforms that did contain the dangerous code. In response to the situation, Copay has released a blog post informing wallet users which versions were affected and warning them to avoid using the application until they have installed the latest version, 5.2.0, which is free from the malicious code.
“This compromise…targeted a select few developers at a company, Copay, that had a very specific development environment setup,” said an NPM official to Ars Technica. “Even then, the payload itself didn’t run on those developers’ computers; rather, it would be packaged into a consumer-facing app when the developers build a release.” NPM noted that the overall goal of the hacker was to steal cryptocurrencies from Copay’s end users since the malicious code was not designed to attack any developers.
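Because the payload only reached users by being bundled at release time, a build pipeline can check its lockfile for the package before packaging. The sketch below is an added example, not code from the article, NPM or Copay. It goes beyond the article by handling both npm lockfile layouts. The sample trees (in which event-stream pulls in flatmap-stream), the names `some-tool` and `demo-app`, and the version string are constructed placeholders.

```javascript
const FLAGGED = new Set(["flatmap-stream"]); // package named in the article
function auditLock(lock, flagged = FLAGGED) {
  const installed = [];  // copies of the flagged package present in the tree
  const requiredBy = []; // packages that declare it as a dependency
  const visit = (name, path, version, deps) => {
    if (flagged.has(name)) installed.push({ name, version, path });
    for (const [dep, range] of Object.entries(deps || {}))
      if (flagged.has(dep)) requiredBy.push({ parent: name, name: dep, range });
  };
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf("node_modules/");
      const name = i < 0 ? path || "(root project)" : path.slice(i + 13);
      visit(name, path, meta.version, meta.dependencies);
    }
  } else { // lockfileVersion 1: nested "dependencies", edges in "requires"
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = `${prefix}node_modules/${name}`;
        visit(name, path, meta.version, meta.requires);
        walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return { installed, requiredBy };
}

// Constructed sample lockfiles; the version string is a placeholder.
const V = "0.0.0-example";
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "some-tool": { // hypothetical top-level dependency
    version: V, requires: { "event-stream": V },
    dependencies: {
      "event-stream": { version: V, requires: { "flatmap-stream": V } },
      "flatmap-stream": { version: V },
    },
  },
} };
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", dependencies: { "event-stream": V } },
  "node_modules/event-stream": { version: V, dependencies: { "flatmap-stream": V } },
  "node_modules/flatmap-stream": { version: V },
} };
console.log(JSON.stringify([auditLock(sampleV1), auditLock(sampleV3)], null, 2));
```

`requiredBy` names the package that declares the flagged dependency, which is what identifies the upstream to pin or replace when the flagged package itself is only a transitive dependency.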
This post is credited to btcmanager